Just released a small walkthrough for some filters:
http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
I would love to see a lot more about SQL filter evasion/obfuscation in this forum although I have to admit that JS is just designed for obfuscation.

Indeed, I've been fooling around with this a bit myself, but so far only have found my testing app to be vulnerable.

I have two users with the same name in the DB, manes and mÁnes, both have different passwords. The query goes something like this:
$userrow = mysql_query("SELECT user FROM `Test` WHERE `user` = '" . mysql_real_escape_string($_POST['username']) . "' AND `passwd` = '" . md5($_POST['password']) . "';");
if(mysql_num_rows($userrow) != "1"){
echo "<font color='red'><b>Wrong username or password!</b></font>";
include "login.php";
} else {
$_SESSION['user'] = $_POST['username'];
header('Location: index.php');
}

If I log in with username manes, but using the password for mÁnes, it will log me in as the original manes. I tried adding DISTINCT, LIMIT 1, ORDER BY to circumvent this, but it only seemed to affect the results I got through MySQL console, my web app remained vulnerable. I went on to test this with another PHP app I downloaded, similar query:

$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful

But this time, it didn't matter which username I used (manes/mÁnes), it logged my in by the password I used... Also, SMF 1.1 allowed me to register both users, however would only let me log onto my original one.

- functions can be called with lots of spaces before parenthesis: SELECT ascii (1)
- there can be a lot of bullshit in this part and the syntax is still valid:
select(name) `bullshit bullshit bullshit`from users
select name `bullshit bullshit bullshit` from users
- this works as well:
select`name`buuullshit from users
select name buuullshit from users